2cc6a81df47122ef30d017ac6ad9b494e611df127a523f2d2d28d5862741bcc4

Analysis

max time kernel
150s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2023, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Amy-Statement 14th_March_2023 _.html
Size

3KB
MD5

97542f42644cedbd068203107c1fd6d1
SHA1

4cc4a9befc3df8fd54d3297712fc5145eac16aa9
SHA256

2cc6a81df47122ef30d017ac6ad9b494e611df127a523f2d2d28d5862741bcc4
SHA512

56aea83fdc39623dacc1baf5614b7b2433bb6ecd48a99c9eb63ce2d87bd63bb83fde324cd669af7b5d495950e8ab6fa05c7b0507e8581b5c54407d64c490f720

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133232819298824618"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe
Token: SeShutdownPrivilege	2656	chrome.exe
Token: SeCreatePagefilePrivilege	2656	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe
2656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4536	2656	chrome.exe	85
PID 2656 wrote to memory of 4536	2656	chrome.exe	85
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 3608	2656	chrome.exe	86
PID 2656 wrote to memory of 1484	2656	chrome.exe	87
PID 2656 wrote to memory of 1484	2656	chrome.exe	87
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88
PID 2656 wrote to memory of 3880	2656	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" "C:\Users\Admin\AppData\Local\Temp\Amy-Statement 14th_March_2023 _.html"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa29a69758,0x7ffa29a69768,0x7ffa29a69778
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1796 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4028 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4648 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3224 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4236 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 --field-trial-handle=1812,i,14529181135934422007,16786008926945712916,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ece258c7986dd3fbc1250ba4b5406888

SHA1
9f2a4b15adec564984cf89c2f6a5b8e13e21f093

SHA256
fd46be14559a408eb651948ee1cc71592c99273b5ebb5b5bf5c85b77d5dbc42b

SHA512
ebe4e2373741eaa7e4dcc1ca60f401cc5a31f8f9af72db7e9f0332527cfe4750f06d5f45379f127f52b7e82bf11805a2ccd335dd4ea3bd5dfbbb17dcfe66a149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9b3f6abad32b22889da13a35e1bbdfdd

SHA1
8fbafaa598f0144e722c8eea242c3d8c2e1ed720

SHA256
b33e38924e180916488921b7dc572bb3ed37d5904b09d78ea76daaf0ebf2688f

SHA512
ed071c353909ef22d74481a182004b49fae69b25b4ba8071d20c8fe8086bef23f5328ca3926ea3c717e36a10b225db572c020a722ccf388dc17563a5a4de2265

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8ba7cb49078786cb4d5b83d08ac0972

SHA1
0efe97f8fef8ac51b42555e1e134212fcfe66b0b

SHA256
5c7b9e0bca0bdb50cdac10014e8e8eb8177d1976455403c263824b054ecd2a6f

SHA512
fea78c897cc5c52e443acb7e28f50840533aa212dbffc993b373a378a0df1834486759cc9df548baba5b13dea43403acdb8ad98730d7e309b5521c539afa90d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0570aa86325c4a8267c04940b8e9ec04

SHA1
986679bacc1172304cec1c1b8b5d88b461950ea1

SHA256
e1fc4e7bc7072372aba9cb70153d8b1c12f00973d749b85f01a7774438ff5ad5

SHA512
e6faf4096c206f00130c2417fed3ae321b119e980a4a13e24139847a848b3fc8079229b4e1b51e0f882d2322512b47c428d95d5445231656279bdf9a991d617e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3232e7a52ef852c0aceb382087b37c68

SHA1
a735c2e3f81dfeb09bdc3e6f0e9123227e6fef13

SHA256
aec625e6de83eda91ffd659481a34b93faaba24fdc6972b37871dcca4216e620

SHA512
4b2beb56b3420ce998279433525ed927abc181f3e115347a0212bd0e69df1ca9022b2db7052c6b66bbd1a897f1d15548d973f8adda71c7131e64ed51576be6b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5d6f7cc12b9545afee0f0e74cc7c4d4

SHA1
7f5be5e6ea3e64dca7eaf28c655271c497b2e5b5

SHA256
04840fe0dee9d9d085732bb60a6573acde98b17e9ef22e1ef9deefc5fba470c1

SHA512
120e29493fb75e54b305d54c960e6bdd12fec4c4d643e18edb209cb379b10cabb1737653fba60e93964a4494f2f868fc61e31876767832999aca917d0884fd98

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
94664a087e3ee2b52acfa7d217474ccf

SHA1
45201c71d5ab5ba6bda9c0b522bbc2b7b12884da

SHA256
cae3d306aac32d08b6703caf4be8773cdd2237864ce5cbd3d9f701fa1de5b5eb

SHA512
a53d510b5253f126e3a68439d838fd18a75062737f028bebbb61aca1ec483d87285d919d656f101dd988614497145a08685b151a58783e6ceec47c3c1ddb20ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
144KB

MD5
6fd86fce2c306eac1d5fd3e64227d659

SHA1
597c4a72996d4d17a14da1673f5ca3a164ac638e

SHA256
9f7b3c1d4c42a8e6cd890df5888e8e83de6670ba9a87a61ee6c8f241f14e6560

SHA512
e80b38d91c9c84cee74552107a44b81bf9cee26d5ef00b7ab158ae6caf6edc52e68f8e7df32317f0f16c3d844e3ad4fc31ea7ee0cd91cc636775b06149615d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit